Function: Communication (cb18913e-ed20-55c8-875b-3c9e522a6167)
A CSIRT must account for the most accurate audience as communications are crafted and released. In return, a CSIRT must also be equipped to receive incoming feedback, reports, comments, and questions from a variety of sources based on its own communication. The security policy and the information sharing policy may require information to be handled in a strict manner. The CSIRT must be able to share with stakeholders in a reliable, secure, and private manner, both externally and internally. Non-disclosure agreements must be set up as far in advance as possible and communication resources set up accordingly. As an extension, the concept of “information under embargo” can also be used. Hence, a retention policy must also be established to ensure that both the data used to craft the information and the information itself are properly handled, shared, and kept based on constraints—such as time—until these constraints become void or the information is publicly disclosed. Communication channels can take multiple forms based upon the needs of stakeholders and constituents. All information communicated must be tagged according to the information sharing policy. Traffic Light Protocol may be utilized.